From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>,
	Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>, Andi Kleen <ak@linux.intel.com>,
	linux-man <linux-man@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] perf_event_open.2: update the man page with CAP_PERFMON related information
Date: Tue, 27 Oct 2020 19:48:25 +0300
Message-ID: <33c10554-c0ee-9e46-2946-67a9deac6752@linux.intel.com>


Extend the perf_event_open(2) man page with information about the
CAP_PERFMON capability, designed to secure performance monitoring
and observability operations in a system according to the principle
of least privilege [1] (POSIX IEEE 1003.1e, 2.2.2.39).

[1] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
---
 man2/perf_event_open.2 | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/man2/perf_event_open.2 b/man2/perf_event_open.2
index 4827a359d..9810bc554 100644
--- a/man2/perf_event_open.2
+++ b/man2/perf_event_open.2
@@ -97,6 +97,8 @@ when running on the specified CPU.
 .BR "pid == \-1" " and " "cpu >= 0"
 This measures all processes/threads on the specified CPU.
 This requires
+.B CAP_PERFMON
+(since Linux 5.8) or
 .B CAP_SYS_ADMIN
 capability or a
 .I /proc/sys/kernel/perf_event_paranoid
@@ -108,9 +110,11 @@ This setting is invalid and will return an error.
 When
 .I pid
 is greater than zero, permission to perform this system call
-is governed by a ptrace access mode
+is governed by
+.B CAP_PERFMON
+(since Linux 5.9) and a ptrace access mode
 .B PTRACE_MODE_READ_REALCREDS
-check; see
+check on older Linux versions; see
 .BR ptrace (2).
 .PP
 The
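Review bot: The pid > 0 paragraph gives "(since Linux 5.9)" for CAP_PERFMON, while every other hunk in this patch says "(since Linux 5.8)"; please confirm which version applies to this check, and if the difference is intentional, say so in the text. The reworded sentence is also ambiguous: "governed by CAP_PERFMON (since Linux 5.9) and a ptrace access mode PTRACE_MODE_READ_REALCREDS check on older Linux versions" can be read as requiring both, and it does not say what happens on 5.9 or later to a caller that lacks CAP_PERFMON. Suggest describing the two cases in separate sentences, since a reader deciding which privileges a profiling tool needs has to know whether the ptrace check still applies.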
@@ -2925,6 +2929,8 @@ to hold the result.
 This allows attaching a Berkeley Packet Filter (BPF)
 program to an existing kprobe tracepoint event.
 You need
+.B CAP_PERFMON
+(since Linux 5.8) or
 .B CAP_SYS_ADMIN
 privileges to use this ioctl.
 .IP
@@ -2967,6 +2973,8 @@ have multiple events attached to a tracepoint.
 Querying this value on one tracepoint event returns the id
 of all BPF programs in all events attached to the tracepoint.
 You need
+.B CAP_PERFMON
+(since Linux 5.8) or
 .B CAP_SYS_ADMIN
 privileges to use this ioctl.
 .IP
@@ -3175,6 +3183,8 @@ it was expecting.
 .TP
 .B EACCES
 Returned when the requested event requires
+.B CAP_PERFMON
+(since Linux 5.8) or
 .B CAP_SYS_ADMIN
 permissions (or a more permissive perf_event paranoid setting).
 Some common cases where an unprivileged process
@@ -3296,6 +3306,8 @@ setting is specified.
 It can also happen, as with
 .BR EACCES ,
 when the requested event requires
+.B CAP_PERFMON
+(since Linux 5.8) or
 .B CAP_SYS_ADMIN
 permissions (or a more permissive perf_event paranoid setting).
 This includes setting a breakpoint on a kernel address,
@@ -3326,6 +3338,22 @@ The official way of knowing if
 support is enabled is checking
 for the existence of the file
 .IR /proc/sys/kernel/perf_event_paranoid .
+.PP
+.B CAP_PERFMON
+capability (since Linux 5.8) provides secure approach to
+performance monitoring and observability operations in a system
+according to the principal of least privilege (POSIX IEEE 1003.1e).
+Accessing system performance monitoring and observability operations
+using
+.B CAP_PERFMON
+rather than the much more powerful
+.B CAP_SYS_ADMIN
+excludes chances to misuse credentials and makes operations more secure.
+.B CAP_SYS_ADMIN
+usage for secure system performance monitoring and observability
+is discouraged with respect to
+.B CAP_PERFMON
+capability.
 .SH BUGS
 The
 .B F_SETOWN_EX
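Review bot: In the new paragraph before .SH BUGS, "principal of least privilege" should be "principle" (the commit message spells it correctly), and "provides secure approach" is missing an article. "excludes chances to misuse credentials" claims more than a narrower capability can deliver; "reduces the chances" would be accurate. The closing sentence, "CAP_SYS_ADMIN usage ... is discouraged with respect to CAP_PERFMON capability", is hard to parse; something like "Using CAP_SYS_ADMIN for performance monitoring and observability is discouraged in favor of CAP_PERFMON" says the same thing directly. The commit message cites section 2.2.2.39 of POSIX 1003.1e but the man page text drops it; either carry the section number over or drop it in both places, and consider a pointer to capabilities(7) so readers can find the capability's definition.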
-- 
2.24.1

